package com.lznAdmin.security.authorize;

import com.lznAdmin.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

/**
 * @program: lzn-manage-parent
 * @description: 认证放行相关授权配置实现类
 * @author: lzn
 * @create: 2021-09-01 22:17
 **/
@Component
public class CustomAuthorizeConfigurationProvider implements AuthorizeConfigurerProvider {

    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void configure(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        // 放行/login/page不需要认证可访问
        config.antMatchers(securityProperties.getAuthentication().getLoginPage(),
                securityProperties.getAuthentication().getImageCodeUrl(),
                securityProperties.getAuthentication().getLoginProcessingUrl()).permitAll();
    }
}
